[jcifs] A bug in 1.2.17 ?
Asaf Mesika
asaf.mesika at gmail.com
Sun Nov 25 15:43:28 GMT 2007
Hi,
I haven't found a bug-tracking system, so I'm posting a bug I found in
version 1.2.17:
*jcifs.smb.SmbComSessionSetupAndX
*
This class constructor looks like this:
SmbComSessionSetupAndX( SmbSession session, ServerMessageBlock andx ) throws
SmbException {
super( andx );
command = SMB_COM_SESSION_SETUP_ANDX;
this.session = session;
this.auth = session.auth;
if( auth.hashesExternal && *auth.challenge !=
session.transport.server.encryptionKey* ) {
throw new SmbAuthException(
SmbException.NT_STATUS_ACCESS_VIOLATION );
}
}
The following condition:
*auth.challenge != session.transport.server.encryptionKey
*checks for equality between two byte *arrays* .
The *bug:* The only thing checked here is that it's the same object, instead
of checking equality using Arrays.equals(byte[], byte[]).
Anybody can comment on that?
Thank you,
Asaf
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the jcifs
mailing list